Documentation
Index ¶
- func MaskKey(key string) string
- type ProviderKeyManager
- func (m *ProviderKeyManager) CleanExpiredCache()
- func (m *ProviderKeyManager) Close() error
- func (m *ProviderKeyManager) DecryptProviderKey(ctx context.Context, userID, provider, encryptedKey string) (string, ProviderKeySource, error)
- func (m *ProviderKeyManager) EncryptProviderKey(ctx context.Context, providerKey string) (string, error)
- func (m *ProviderKeyManager) InvalidateCache(userID, provider string)
- type ProviderKeySource
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ProviderKeyManager ¶
type ProviderKeyManager struct {
// contains filtered or unexported fields
}
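ProviderKeyManager handles encryption/decryption of third-party provider API keys (OpenAI, Groq, Anthropic, Google) using Google Cloud KMS for enterprise-grade security. It also keeps decrypted keys in an in-memory cache (see DecryptProviderKey, CleanExpiredCache and InvalidateCache), so plaintext keys are present in process memory while they are cached.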
func NewProviderKeyManager ¶
func NewProviderKeyManager(ctx context.Context, projectID, location, keyRing, keyID string) (*ProviderKeyManager, error)
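NewProviderKeyManager creates a new provider key manager with KMS encryption. The projectID, location, keyRing and keyID arguments select the Cloud KMS key to use. Call Close to release the KMS client when the manager is no longer needed.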
func (*ProviderKeyManager) CleanExpiredCache ¶
func (m *ProviderKeyManager) CleanExpiredCache()
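CleanExpiredCache removes expired entries from the cache. It should be called periodically: the documentation does not describe any automatic eviction, so decrypted keys may otherwise stay in memory after they expire.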
func (*ProviderKeyManager) Close ¶
func (m *ProviderKeyManager) Close() error
Close closes the KMS client
func (*ProviderKeyManager) DecryptProviderKey ¶
func (m *ProviderKeyManager) DecryptProviderKey(ctx context.Context, userID, provider, encryptedKey string) (string, ProviderKeySource, error)
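DecryptProviderKey decrypts a provider API key using Google Cloud KMS. It returns the decrypted key from the cache if available; otherwise it decrypts with KMS. The returned ProviderKeySource reports where the key came from. The first return value is the plaintext key, so callers should keep it out of logs and error messages.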
func (*ProviderKeyManager) EncryptProviderKey ¶
func (m *ProviderKeyManager) EncryptProviderKey(ctx context.Context, providerKey string) (string, error)
EncryptProviderKey encrypts a provider API key using Google Cloud KMS
func (*ProviderKeyManager) InvalidateCache ¶
func (m *ProviderKeyManager) InvalidateCache(userID, provider string)
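InvalidateCache removes a specific provider key from the cache: the entry for the given userID and provider. Use it when that cached key should no longer be served, for example after the key is replaced or deleted.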
type ProviderKeySource ¶
type ProviderKeySource string
ProviderKeySource indicates where the provider key came from
// Values of ProviderKeySource, as returned alongside the decrypted key by
// DecryptProviderKey. They let a caller tell a key supplied with the request
// apart from one served from memory or from persistent storage.
const (
	// ProviderKeySourceTransient marks a key taken from the request's
	// Authorization header (dual-key mode).
	// NOTE(review): presumably such a key is used for the request only and is
	// not written to the cache or to Datastore — confirm against the implementation.
	ProviderKeySourceTransient ProviderKeySource = "transient" // From Authorization header (dual-key)
	// ProviderKeySourceCached marks a key served from the manager's in-memory
	// cache, i.e. without a KMS decrypt call for this lookup.
	ProviderKeySourceCached ProviderKeySource = "cached" // From in-memory cache
	// ProviderKeySourceStored marks a key obtained from the KMS-encrypted copy
	// kept in Datastore.
	ProviderKeySourceStored ProviderKeySource = "stored" // From KMS-encrypted Datastore
)